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(57) Abstract: The present invention 
relates to a microcircuit comprising a 
memory (M) where a secret installation 
key (Kl) is stored, means for receiving 
a program to be installed and a 
program- specific check value from 
external equipment, and a processor (P) 
for executing a predetermined installation 
program (INST) which checks on the 
basis of the secret installation key 
(Kl) stored in the memory (M) and the 
program-specific check value (Tl, T2) 
whether the program (PROG1, PROG2) 
to be installed is authentic and which 
installs said program if the check finds 
it authentic. To make sure that the secret 
installation key would not fall in the 
hands of outsiders even after installation, 
the microcircuit (4) is arranged to delete 
the secret installation key (Kl) from the 
memory (M) prior to starting the program 
installed by the installation program 
(INST). 
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Installation of programs into microcircuit 

The invention relates to installing programs into a microcircuit such 
that the microcircuit will be provided with only the programs the commissioner 
desires to be installed therein. The invention is well suited for applications 
5 where data security in installing the programs is of primary importance. In the 
following the invention will be described, by way of example, with reference to 
smart card manufacturing, even though it should be noted that the present in- 
vention can also be utilized in other applications. 

Smart card manufacturing can roughly be divided into two different 

10 phases, the first of which is the fabrication of a microcircuit and the second is 
the installation of necessary programs. In smart card applications it is ex- 
tremely important that the smart card manufacturer is fully aware of the pro- 
grams that are installed in the microcircuit of the finished smart card. This is 
important, because if an outside aggressor has succeeded in loading a pro- 

15 gram of his own into the microcircuit of the smart card, the smart card serving 
as a pay card or an electronic identity card, for instance, may function in an 
unpredictable manner in certain situations, which causes considerable dam- 
age. Hence, the aim is to fabricate the smart card microcircuits such that only 
the correct programs can be installed into the microcircuit. 

20 In prior art solutions, the microcircuit manufacturing process is di- 

vided into two phases, so that a microcircuit, in a memory of which a secret in- 
stallation key and an installation program are stored, is manufactured in the 
first phase. For practical reasons, the fabrication of microcircuits is often com- 
missioned to outside subcontractors, and the commissioner of the card hands 

25 over the installation key and installation program to be employed in the micro- 
circuit fabrication to the subcontractor. Thus, the same secret installation key 
and installation program are used in a large number of microcircuits. 

In the second phase of the microcircuit manufacture, the actual pro- 
grams and microcircuit-specific secret keys are installed in the microcircuits. 

30 The installation of the programs requires an installation key stored in the mem- 
ory of the microcircuit during fabrication. A check value, on the basis of which 
the installation program of the microcircuit can check that an authentic program 
is in question, is generated for each program to be installed by means of the 
installation key. The installation program of the microcircuit will install into the 

35 microcircuit only the programs that it is able to authenticate by means of the 
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installation key. If the installation program finds that the program to be installed 
is authentic, it allows the installation of the program into the microcircuit. The 
installation of the program(s) being completed, the installed program starts up 
and begins functioning in the microcircuit. 
5 In order to maximize the security in a manufacturing process as de- 

scribed above, the secret installation key, by which the correct check value of 
the program can be generated, is at the disposal of only few persons. So, only 
these few selected persons can accept the installation of a specific program 
into a microcircuit by generating a program-specific check value for said pro- 

1 0 gram by means of the secret installation key at their disposal. 

A drawback with the above-described prior art solution is that a per- 
son belonging to the manufacturer's own personnel may have created a pro- 
gram, intentionally or unintentionally, by means of which the secret installation 
key of the microcircuit can be read from the microcircuit, said program having 

15 started up on the microcircuit. Because the person concerned is an employee 
in the manufacturing organization, a program created by this person may ob- 
tain an authentic program check value from a person who has access to the 
necessary secret installation key. In this manner, the program gets a check 
value on the basis of which the installation program of the microcircuit will iden- 

20 tify it as an authentic program, and hence, allow the installation and start up 
thereof in the microcircuit. A microcircuit of this kind, with a readable secret 
installation key, may cause considerable trouble, because an outsider, having 
received the secret installation key by reading it from the microcircuit, can cre- 
ate any suitable programs and generate correct check values for them with the 

25 secret installation key. The installation programs of new microcircuits to be fab- 
ricated will thus identify these programs as authentic and consequently allow 
the installation thereof into the microcircuits. 

The object of the present invention is to solve the drawback associ- 
ated with the above-described prior art solution and to provide a solution that 

30 improves data security in the fabrication of microcircuits. This is achieved with 
a method according to the invention for installing programs into a microcircuit, 
the method comprising storing a secret installation key in a microcircuit mem- 
ory during fabrication, generating a program-specific check value for the pro- 
grams to be installed with the secret installation key, checking the authenticity 

35 of each program to be installed in connection with program installation by 
means of the secret installation key stored in the microcircuit memory and the 
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program-specific check value, and allowing the program installation only if said 
program is found authentic on the basis of the check. The method according to 
the invention is characterized by deleting the secret installation key, stored in 
the microcircuit memory, upon completion of the program installation, and 
5 starting the installed programs in the microcircuit after deletion of the secret 
installation key. 

The invention also relates to a microcircuit, which comprises a 
memory, where a secret installation key is stored, means for receiving a pro- 
gram to be installed and a program-specific check value from external equip- 

10 ment, and a processor for executing a predetermined installation program 
which checks on the basis of the secret key stored in the memory and the pro- 
gram-specific check value, whether the program to be installed is authentic 
and which installs said program if it is found authentic on the basis of the 
check value. The microcircuit according to the invention is characterized by be- 

15 ing arranged to delete the secret installation key from the memory prior to 
starting the program installed by the installation program. 

The invention is based on the idea that manufacturing of microcir- 
cuits and installation of programs become much more secure, when the secret 
installation key needed for the program installation is deleted from the micro- 

20 circuit memory prior to the start up of the installed program(s). Thus, the secret 
installation key of the microcircuit cannot fall in the hands of an outsider, even 
though the microcircuit would be provided with a program that enables reading 
of the secret installation key from the microcircuit memory. This results from 
the fact that the secret installation key was erased from the microcircuit mem- 

25 ory before the program enabling its reading started up. The most considerable 
advantage of the solution according to the invention is thus the improved data 
security, because not even a person within the organization of the commis- 
sioner can create a situation where the secret key of the microcircuit would be 
readable from the microcircuit. 

30 In one preferred embodiment of the invention, the programs to be 

installed into the microcircuit are classified in predetermined classes, whereby 
a class code is defined for each program to be installed, which class code is 
checked in connection with installation when the authenticity of the program is 
to be verified and which is utilized in the installation of the program. This em- 

35 bodiment according to the invention helps to pre-empt such intentional or unin- 
tentional errors that may arise from the wrong program classification. For in- 
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stance, if a program designed for testing purposes is incorrectly classified as a 
production program and it is thereafter transferred to a microcircuit for installa- 
tion, the installation program of the microcircuit attempts to install it the way the 
production programs should. Because the program actually is a test program, 
5 the installation fails. 

The preferred embodiments of the method and the microcircuit ac- 
cording to the invention are disclosed in the attached dependent claims 2 to 3 
and 5 to 6. 

In the following, the invention will be described in greater detail by 
10 way of example, with reference to the attached drawings, wherein 

Figure 1 is a flow chart of a first preferred embodiment of a method 
according to the invention; 

Figure 2 illustrates a first preferred embodiment of a microcircuit ac- 
cording to the invention; 
15 Figure 3 illustrates a second preferred embodiment of the microcir- 

cuit according to the invention; and 

Figure 4 illustrates how secret keys are stored in a memory of the 
microcircuit. 

Figure 1 is a flow chart of a first preferred embodiment of a method 

20 according to the invention. The flow chart of Figure 1 can be utilized in install- 
ing programs into a microcircuit of a smart card, for instance. 

In block A, an installation key is stored in the microcircuit in connec- 
tion with fabrication. The same installation key is stored in the memory of a plu- 
rality of microcircuits in connection with fabrication. 

25 In block B, a program-specific check value is generated for each 

program intended for installation into the microcircuit. The program-specific 
check value can be generated by an algorithm that computes a specific check 
value on the basis a program code and a secret installation key. Thus, the 
check value and the program code will form a pair, whose authenticity can be 

30 verified by means of the installation key. 

In block C, the produced program and its check value are fed to the 
microcircuit. The memory of the microcircuit contains the same algorithm (part 
of the installation program) and the same secret installation key, by which the 
check value is generated in block B. Thus, the installation program of the mi- 

35 crocircuit is able to check the authenticity of the program to be installed, i.e. 
the program is authentic if the result of the computational operation carried out 
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on the basis the secret key of the installation program and the program code 
matches with the check value. 

If the microcircuit finds in block D that the program is not authentic, 
the installation program of the microcircuit interrupts the program installation by 
5 proceeding to block F. But if the program is authentic, the processor of the mi- 
crocircuit executes the installation in accordance with installation program. 

In block F, the microcircuit checks if there still are other programs to 
be installed. If not, it deletes the secret installation key from its memory in 
block G. Thereafter, the microcircuit starts the installed programs in block H. 

10 Because the starting of the installed programs does not take place 

until in block H, after deletion of the secret installation key in block G, it is pos- 
sible to pre-empt a situation where any one of the installed programs would 
enable reading the secret installation key from the microcircuit memory. This is 
not possible in the method according to the flow chart of Figure 1, because the 

15 secret installation key will no longer be in the microcircuit memory when the 
installed program starts up. 

Figure 2 illustrates a first preferred embodiment of a microcircuit ac- 
cording to the invention. Figure 2 shows three separate production phases 1 to 
3 of the microcircuit 4. This division can be utilized in the production of micro- 

20 circuits intended for smart cards, when it is extremely important that only the 
correct programs will be installed into the microcircuit so that its operation 
would be fully predictable at all times. For instance, when smart cards are 
manufactured, the division can be such that a subcontractor manufactures the 
microcircuits, the commissioner of the microcircuits produces the necessary 

25 programs and secret keys, and the programs and the secret keys are installed 
into the microcircuits either by the commissioner or a third party. 

The program production takes place in phase 1. In the case of Fig- 
ure 2, it is assumed that programs PROG1 and PROG2 are to be installed into 
the microcircuits to be produced. However, it is not desired that these pro- 

30 grams be handed over to production phase 2, where the actual fabrication of 
the microcircuit takes place. If the programs to be installed were handed over 
to the production phase 2, very high attention should be paid to the security in 
the production phase 2 so as to make sure that no outsider would have a 
chance to tamper the programs to be installed. Instead, from the program pro- 

35 duction it is possible to hand over an installation program INST and a secret 
installation key K1 to the production phase 2. These are stored in the memory 
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M of the microcircuits in connection with the mechanical microcircuit fabrica- 
tion. When the microcircuit 4 leaves the production phase 2, it comprises at 
least a processor P and one or more memories M, where the necessary pro- 
gram^) is/are stored in order to make it possible for the microcircuit to receive 
5 other data later on, such as programs and secret keys. 

When the microcircuit 4 fabrication is completed and the installation 
program INST and the secret installation key K1 are stored in its memory M, 
the microcircuit is transferred to the production phase 3 where the programs 
PROG1 and PROG2 will be installed. To make this possible, the microcircuit is 

10 attached with pins (not shown in the figure) therein to external equipment, such 
as a computer peripheral. In order that the commissioner of the microcircuit 
could be sure that inappropriate programs are not installed, intentionally or un- 
intentionally, in the microcircuit in the production phase 3, the installation pro- 
gram INST delivered from the program production to the microcircuit fabrica- 

15 tion is selected such that it installs into the microcircuit only programs that are 
authentic on the basis of the authentication carried out with the secret installa- 
tion key K1 . 

The authentication is made possible, when a check value T1 is 
computed for the program PROG1 in the program production by utilizing a 

20 predetermined algorithm, the program code PROG1 and the secret installation 
key K1. Correspondingly, a check value T2 is computed for the program code 
PROG2 by utilizing the secret installation key K1. The algorithm by which the 
check values are computed forms part of the installation program INST, and 
consequently it also exists in the memory of the microcircuit 4, for the microcir- 

25 cuit to be able to make the corresponding computational operation. In addition 
to the programs PROG1 and PROG2, also their check values T1 and T2 are 
thus forwarded from the production phase 1 to the production phase 3, i.e. to 
the program installation. 

The check values T1 and T2 are applied with the programs PROG1 

30 and PROG2 into the microcircuit through its input. The processor of the micro- 
circuit 4 then carries out authentication by means of the algorithm included in 
the installation program INST, in which authentication it checks with the secret 
installation key K1 if the check values are correct. If the check values are cor- 
rect, the installation program INST of the microcircuit installs the programs 

35 PROG1 and PROG2 into the microcircuit. When the installation is completed, 
the installation program deletes the secret installation key K1 from the memory 
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M of the microcircuit. Thereafter, the installation program starts the installed 
programs and ceases to function. 

Figure 3 illustrates a second preferred embodiment of the microcir- 
cuit according to the invention. The embodiment of Figure 3 corresponds to 
5 great extent with that of Figure 2, and therefore the embodiment of Figure 3 
will be described in the following primarily in so far as it differs from the em- 
bodiment of Figure 2. 

The embodiment of Figure 3 employs program classification into dif- 
ferent levels. For instance, three different levels can be employed: 
10 1) production level programs, which have to be protected in such a 

manner that an outside aggressor is not able to get any data from the pro- 
grams or the microcircuit in any way whatsoever, 

2) clients' test level programs, which permit the clients to test their 
own programs and codes. For instance, in the case of a smart card, a typical 

15 client could be a bank whose data processing department should be able to 
test how the programs of their own production function in the microcircuit. 
Hence, the clients' test level programs are such that provide limited access to 
the information stored in the memory of the microcircuit, 

3) manufacturer's test level programs, which permit the manufac- 
20 turer to test how the microcircuits function. The manufacturer's test level pro- 
grams thus provide unlimited access to the information stored in the memory of 
the microcircuit. 

A class code LEVEL, which indicates the level of the program in 
question, is defined for the programs provided by the program production. 

25 When a check value is generated for a finished program PROG1 by means of 
the secret installation key K1, an algorithm is used which also utilizes the class 
code, in addition to the program code and the installation key. Correspond- 
ingly, the installation program INST' utilizes the same algorithm which takes 
into account the class code when checking the authenticity of the program 

30 prior to installation. In the embodiment of Figure 3, the programs PROG1 and 
PROG2 to be installed, their class codes LEVEL1 and LEVEL2 and the check 
values T1 and T2 of the programs are thus forwarded from the production 
phase 1 to the production phase 3. 

The installation program INST stored into the microcircuit 4 during 

35 fabrication is made such that it processes programs of different levels differ- 
ently. In other words, if for some reason a test level program is classified as a 



WO 02/44995 



PCT/FI01/01033 



8 

production level program on the basis of the class code, the installation of this 
program fails, because the installation program INST subjects it to operations 
during installation, which lead in a successful installation if a test program is 
concerned, but in a failure if a production level program is concerned. This can 
5 be implemented, for instance, such that the installation program performs 
class-code-dependent computational operations in connection with the installa- 
tion, whereby the computational operations proceed to a correct final result 
(successful installation) for the program to be installed, only, if said program is 
given a correct class code. 

10 Figure 4 illustrates the storing of secret keys in the memory of the 

microcircuit. The storing of the secret keys as described in Figure 4 can be util- 
ized in the embodiments of both Figure 2 and Figure 3. In other words, in addi- 
tion to what is described as stored in the memory of the microcircuit in connec- 
tion with Figures 2 and 3, it is also possible to store secret keys as indicated in 

15 Figure 4. 

In the example of Figure 4 the storing of secret keys is described 
assuming that the storing of programs takes place according to the embodi- 
ment of Figure 2. Hence, this example does not employ class codes of the pro- 
grams. In the case of Figure 4 there are two keys to be stored, i.e. A1 and A2. 

20 In connection with secret key production, the keys are encoded, whereby they 
can be transferred to the production phase 3 without that any outsider finds out 
the secret keys. The secret keys are encoded with a code key K2 which is 
computed by a predetermined coding algorithm by utilizing a random number 
RND and the secret installation key K1. When the code key K2 is computed, 

25 the keys A1 and A2 are encoded such that the encoded keys AV and A2' are 
obtained. These encoded keys A1' and A2' and the random number RND are 
forwarded to the production phase 3, where they will be applied to the micro- 
circuit in connection with the program installation. 

In the case of Figure 4, the microcircuit installation program INST" is 

30 employed, which includes the above-mentioned coding algorithm, whereby the 
processor of the microcircuit can compute the code key K2 by means of the 
secret installation key K1 and the random number RND received in the produc- 
tion phase 3. By means of this code key the installation program of the micro- 
circuit can decode the encoded keys AV and A2' such that the secret keys A1 

35 and A2 are stored in the memory of the microcircuit. 
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It should be understood that the above description and the relating 
figures are only intended to illustrate the present invention. It is apparent to a 
person skilled in the art that the invention can be varied and modified in a vari- 
ety of ways without deviating from the scope and spirit of the invention dis- 
5 closed in the accompanying claims. 
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CLAIMS 

1 . A method for installing programs into a microcircuit, the method 
comprising 

storing a secret installation key in a microcircuit memory during fab- 

5 rication, 

generating a program-specific check value for the programs to be in- 
stalled with the secret installation key, 

checking the authenticity of each program to be installed in connec- 
tion with program installation by means of the secret installation key stored in 
10 the microcircuit memory and the program-specific check value, and 

allowing the program installation only if said program is found au- 
thentic on the basis of the check, characterized by 

deleting the secret installation key, stored in the microcircuit mem- 
ory, upon completion of the program installation, and 
15 starting the installed programs on the microcircuit after deletion of 

the secret installation key. 

2. A method as claimed in claim 1, characterized by 
classifying the programs to be installed into the microcircuit into pre- 
determined classes and defining for each program to be installed a class code 

20 indicating the class of the program, 

generating said program-specific check value by an algorithm, which 
takes into account the class code of the program, in addition to the secret key 
and the program, and 

checking the authenticity of each program to be installed in connec- 
25 tion with installation by means of the secret key stored in the memory of the 
microcircuit and the program class code applied to the microcircuit, and 

installing the program class-code-dependently, if the program is 
found authentic on the basis of the check. 

3. A method as claimed in claim 2 or 3, characterized in that 
30 for storing the secret keys into the memory of the microcircuit, the method 

comprises 

computing a code key by a coding algorithm which utilizes the secret 
installation key and a random number, 

encoding the secret keys to be stored with the computed code key, 
35 applying the encoded secret keys and said random number to the 

microcircuit, and 
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computing the code key by means of the secret installation key 
stored in the memory of the microcircuit, the random number and said coding 
algorithm, and decoding the encoded secret keys with the computed code key 
and storing the secret keys into the memory. 
5 4. A microcircuit comprising 

a memory (M) where a secret installation key (K1) is stored, 

means for receiving a program to be installed and a program-specific 
check value from external equipment, and 

a processor (P) for executing a predetermined installation program 
10 (INST, INST, INST") which checks on the basis of the secret installation key 
(K1) stored in the memory (M) and the program-specific check value (T1, T2), 
whether the program (PROG1, PROG2) to be installed is authentic, and which 
installs said program if it is found authentic on the basis of the check, char- 
acterized in that the microcircuit (4) is arranged to delete the secret in- 
15 stallation key (K1) from the memory (M) prior to starting the program installed 
by the installation program (INST, INST, INST"). 

5. A microcircuit as claimed in claim 4, characterized in that 

the microcircuit (4) is arranged to receive a class code (LEVEL1 , 
LEVEL2) of the program to be installed together with the program (PROG1, 
20 PROG2) and the program-specific check value (T1, T2), and that 

the microcircuit (4) is arranged to utilize the program-specific class 
code (LEVEL1, LEVEL2) in checking the authenticity of the program (PROG1, 
PROG2) to be installed and to install the program class-code-dependently if 
the program is found authentic on the basis of the check. 
25 6. A microcircuit as claimed in claim 4 or 5, characterized in 

that 

the microcircuit (4) comprises means for receiving encoded secret 
keys (A1\ A2') and a random number (RND) from external equipment, and that 

the microcircuit (4) is arranged to compute a code key by means of a 
30 predetermined coding algorithm, a secret installation key (K1) and said random 
(RND), and to decode the encoded secret keys (A1\ A2') with said code key 
and to store the secret keys (A1 , A2) into the memory (M). 
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